Uninitialized Value Vulnerability in Linux Kernel's ext4 Filesystem by The Linux Foundation
CVE-2022-50546
Currently unrated
What is CVE-2022-50546?
A vulnerability has been found in the Linux kernel's ext4 filesystem in which an uninitialized value may be accessed, leading to potential data integrity issues. It occurs in the function ext4_evict_inode, specifically in its handling of newly allocated inodes. If inode creation fails before certain flags are set, the uninitialized values can be accessed later, resulting in undefined behavior. Patches have been applied that initialize the inode flags, which prevents such accesses.
Affected Version(s)
Linux bb337d8dd1e1d6b7719872e45e36392f3ab14b4f
Linux a5f9bd4beae8553480d02b569d4aabee1b49345d
Linux 0e6fbc566fcc4c230bf80f76cf5df26b42142d8a < 091f85db4c3fb1734a6d7fb4777a2b2831da6631